<?php
session_start();
ini_set('date.timezone', 'America/New_York');
include'connect_db.php';

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user");
$row = mysql_fetch_array($result);

if($row['type'] != 2)
	die;

$ip = mysql_real_escape_string($_POST['ip']);
$email = mysql_real_escape_string($_POST['email']);

if($email != '' && $ip == '')
	$result = mysql_query("SELECT * FROM user WHERE paypal = '$email'") or die(mysql_error());
else if($email == '' && $ip != '')
{
	$result = mysql_query("SELECT * FROM user WHERE id IN(SELECT user FROM login_history WHERE ip = '$ip' GROUP BY user)") or die(mysql_error());
}
else if($email != '' && $ip != '')
{
	$result = mysql_query("SELECT * FROM user WHERE paypal = '$email' AND id IN(SELECT user FROM login_history WHERE ip = '$ip' GROUP BY user)") or die(mysql_error());
}
else
{
	$result = mysql_query("SELECT * FROM user");
}

while($row = mysql_fetch_array($result))
{
	$subresult = mysql_query("SELECT * FROM login_history WHERE user = ".$row['id']." ORDER BY timestamp DESC LIMIT 1");
	$subrow = mysql_fetch_array($subresult);

	if(mysql_num_rows($subresult) == 0)
	{
		$ip = $row['ip'];
	}
	else
	{
		$ip = $subrow['ip'];
	}
	echo "<tr><td>".$row['id']."</td>";
	echo "<td>".$ip."</td>";
	echo "<td>".$row['username']."</td>";
	echo "<td>".$row['paypal']."</td>";
	echo "<td>".$row['summoner']."</td>";
	echo "<td><a href = 'member-log.php?id=".$row['id']."' class='btn btn-success btn-xs'>View log</a><input type = 'submit' class='btn btn-success btn-xs' value = 'Update' /><a href = '#' class='btn btn-success btn-xs' onclick = 'ban(".$row['id'].")'>Ban</a></td></tr></form>";
}

?>